Well most importantly, your code is vulnerable to SQL injection. You should not be concatenating your SQL queries. Instead use parameterized queries or better yet stored procedures.
To answer your question though, it looks like you don't have the right number of double quotes. For the ending one, you've got a double quote and a single quote. And it appears you need two double quotes instead.